Fortimanager
CVE-2025-68482
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
AnalysisAI
A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack. [CVSS 6.9 MEDIUM]
Technical ContextAI
Classified as CWE-295 (Improper Certificate Validation). Affects Fortimanager. A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Fortimanager
View allArbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traver
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and bef
Remote code execution in Fortinet FortiManager and FortiAnalyzer (plus their Cloud variants) arises from a stack-based b
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may
An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 throu
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 thr
Same weakness CWE-295 – Improper Certificate Validation
View allShare
External POC / Exploit Code
Leaving vuln.today